Configure RECOG user provisioning

Once you set up single sign-On (SSO), your next step as an administrator is to set up automated user provisioning. This lets you authorize, create, modify, or delete your user's identity once in G Suite. You can also see identity changes reflected in RECOG.

Once provisioning is on, Google starts collecting usage information. You'll see the usage information section next to the User provisioning section. There won't be any numbers next to the event names until you enable provisioning.

The following event names provide the usage information for the last 30 days:

Sign in using your administrator account (does not end in @gmail.com).

From the Admin console Home page, go to Apps SAML Apps.

To see Apps on the Home page, you might have to click More controls at the bottom.

Open the RECOG application.

Select the User provisioning section.

In this section, click Edit provisioning scope.
A new Set provisioning scope window appears.

In the Set provisioning scope dialog box, add a group to restrict provisioning to members of groups you define:

Click the underscore and start entering your group name.
A list of available groups appears. Selecting one adds it and opens another underscore for you to add another.

If necessary, add more groups.

(Optional) To remove a group you added, next to it, click .

Once you’re done, click Finish.

The next time you click Edit provisioning scope under the User provisioning section, the groups you added appear in the Set provisioning scope window. If you turned on the RECOG application for a set of organizational units, the provisioning scope is restricted to those users in the added groups who are also members of those organizations.